Cookie Policy — Embr
Effective date: 20 April 2026 Last updated: 20 April 2026 Version: 1.0
1. What Are Cookies
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work efficiently, to remember your preferences, and to provide analytical information to site owners.
This Cookie Policy explains how Embr (operated by Piotr Zajac, JDG, Poland — see our Privacy Policy) uses cookies and similar tracking technologies on getembr.io.
2. Types of Cookies We Use
2.1 Strictly Necessary Cookies
These cookies are required for the Service to function. They cannot be disabled.
| Cookie Name | Purpose | Duration |
|---|---|---|
sb-access-token | Supabase authentication session | Session |
sb-refresh-token | Supabase session refresh | 7 days |
__paddle_checkout | Paddle checkout session state | Session |
csrf_token | CSRF protection | Session |
Legal basis: These are technically necessary — no consent is required under Article 5(3) of the ePrivacy Directive (and Polish implementing law — Prawo telekomunikacyjne, Art. 173).
2.2 Functional Cookies
These cookies remember your preferences to improve your experience.
| Cookie Name | Purpose | Duration |
|---|---|---|
embr_locale | Remember language / locale preference | 1 year |
embr_theme | Remember dark/light mode preference | 1 year |
embr_onboarding_step | Track onboarding progress | 30 days |
Legal basis: Legitimate interests / user-initiated preference. You can clear these by clearing your browser cookies.
2.3 Analytics Cookies
We use analytics to understand how the Service is used so we can improve it. We use [PostHog / Plausible Analytics] — configured to:
- Anonymise IP addresses before storage
- Not share data with advertising networks
- Process data within the EU where possible
| Cookie / Technology | Provider | Purpose | Duration |
|---|---|---|---|
ph_* (PostHog) | PostHog Inc. | Product analytics, session recording (anonymised) | 1 year |
_plausible | Plausible Analytics | Cookieless analytics (no persistent cookie) | N/A |
Legal basis: Legitimate interests. You may opt out (see Section 4).
2.4 Marketing / Third-Party Cookies
At MVP launch, we do not use advertising or retargeting cookies. If this changes, we will update this policy and obtain your consent in accordance with Article 5(3) of the ePrivacy Directive.
3. Third-Party Technologies
The following third-party services embedded in the Service may set their own cookies:
| Provider | Purpose | Their Privacy Policy |
|---|---|---|
| Paddle | Payment checkout overlay | paddle.com/legal/privacy |
| Supabase | Authentication | supabase.com/privacy |
4. Your Cookie Choices
4.1 Cookie Consent Banner
On your first visit, we display a cookie consent banner where you can accept or decline non-essential cookies (analytics). Your choice is stored for 12 months.
You can change your preferences at any time by clicking "Cookie preferences" in the website footer.
4.2 Browser Settings
You can control and/or delete cookies via your browser settings:
- Chrome: Settings → Privacy and Security → Cookies
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Settings → Privacy → Manage Website Data
- Edge: Settings → Privacy, Search and Services → Cookies
Note: disabling strictly necessary cookies will prevent the Service from functioning correctly.
4.3 Opt-Out of Analytics
- PostHog: You may opt out by clicking the "Do Not Track" option in your browser or by using the cookie preferences panel on our site.
- Plausible: Plausible is cookieless and does not track individuals across sites. No opt-out is required.
5. Do Not Track
We respect the "Do Not Track" (DNT) browser signal. If your browser sends a DNT signal, we will disable analytics tracking for your session.
6. Data Protection
Information collected via analytics cookies is processed in accordance with our Privacy Policy. Analytics data is aggregated and anonymised where possible. We do not use cookie data to build individual advertising profiles.
7. Changes to This Cookie Policy
We may update this Cookie Policy as we add new features or third-party services. We will notify you of material changes via the consent banner or email. The current policy is always available at [getembr.io/cookies].
8. Contact
Questions about our use of cookies:
Embr / Piotr Zajac Email: privacy@getembr.io Bachledzki Wierch 7a/1, 34-500 Zakopane, Poland
Supervisory authority (Poland): Urząd Ochrony Danych Osobowych (UODO) — uodo.gov.pl
© 2026 Embr. All rights reserved.